Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSS - Bridged vs Routed

I'm at the design stage and have a choice of going either way for the solution. Has anyone got any critical reasons why 1 method should be chosen over the other - Bridged vs Routed?

I haven't found any specific things that won't work in each scenario, so just looking for some pointers. Thanks.

1 REPLY
New Member

Re: CSS - Bridged vs Routed

Since the CSS needs to be in the path between the client host and the service host, you have to take care to ensure that all the service hosts will always be "behind" the CSS when you run it as a bridge.

I got bitten by this charateristic (CSS is not a proxy) when my network changed from:

WAN-Firewall-CSS-Services

to

WAN-Firewall-CSS-Services

_______|_________________

______TEST---Services

And the client expected me to balance the services hosted in the test network. Fortunately we use SSL and the Sonicwall SSL accelerators we have ARE proxies, so I was still able to make it work, since the SSL accelerators are directly connected to the CSS and the two flows are Customers-SSL and SSL-Services and the CSS is in the middle of each flow.

If all you've got "behind" the CSS are services that the CSS balances - then using the CSS as a router makes some sense. If you've got lots of networks behind the CSS and only a few of them have services on them, using it as a bridge and letting a router do the routing may make more sense.

Best wishes,

Tim

134
Views
0
Helpful
1
Replies